To prevent you from losing your accounts to hackers, passwords were layered with an additional coating of two-factor authentication (2FA), which would verify your identity via OTPs sent to your SMS inbox.
However, with the threat of SIM hackers now on the rise, Instagram is upgrading its 2FA process to a non-SMS one.
The spotlight was put on Instagram today due to an excellent (and terrifying) article from Motherboard, which explained how hackers can steal a phone number by reassigning it to a different SIM card, then using it to steal passwords and access accounts via SMS two-factor. attack because right now, when you turn on Instagram’s two-factor authentication, account codes and password reset requests are sent via your phone number.
Instagram has already been testing the new two-factor authentication method, with screenshots and details baked into the code for the Instagram Android app.
As per the recent update that comes via TechCrunch, Instagram is working on a non-SMS based 2FA process, which will use third-party authentication apps like Google Authenticator or Duo. These apps generate a code, which is similar to an OTP, but this code cannot be generated on a different phone in case a hacker ports your number to their SIM.An Instagram spokesperson confirmed the screenshots are legitimate and said Instagram is “continuing to improve the security of Instagram accounts, including strengthening 2-factor authentication.”